Private Locations Configuration
Overview
Synthetic private locations come with a set of options you can configure to match your environment requirements. All options for the private location worker can be found by running the help
command:
docker run --rm datadog/synthetics-private-location-worker --help
synthetics-pl-worker.exe --help
Customize your private location
Available parameters are listed below.
These configuration options for private locations can be passed as parameters to your JSON configuration file or as arguments in the launch command, for example:
docker run --rm -v $PWD/<MY_WORKER_CONFIG_FILE_NAME>.json:/etc/datadog/synthetics-check-runner.json datadog/synthetics-private-location-worker:latest --logFormat=json
synthetics-pl-worker.exe --config=<PathToYourConfiguration> --logFormat=json
Arguments set in the launch command have precedence over the configuration file. However, these options are not stored and are consequently only relevant for a given launch.
Top configuration options
Datadog site configuration
site
- Type: String
Default: datadoghq.com
Datadog site from which the private location pulls the test configuration and pushes the test results. Your site
is
.
DNS configuration
The following parameters can be used to customize DNS resolution on your API tests:
dnsUseHost
- Type: Boolean
Default: true
Use host local DNS configuration first (for example, the configuration from your etc/resolv.conf
file), then DNS servers specified in the dnsServer
parameter. dnsServer
- Type: Array of Strings
Default: ["8.8.8.8","1.1.1.1"]
DNS servers IPs to use in given order (for example, --dnsServer="8.8.4.4" --dnsServer="8.8.8.8"
).
On browser tests, the DNS resolution is done directly by the browser, which usually reads DNS servers from the host. Alternatively, you can configure it at the container level (for example, using the --dns
flag on Docker, or dnsConfig.nameservers
on Kubernetes).
Proxy configuration
The following parameters can be used to configure a proxy to connect to Datadog:
proxyDatadog
- Type: String
Default: none
Proxy URL used by the private location to send requests to Datadog (for example, --proxyDatadog=http://<YOUR_USER>:<YOUR_PWD>@<YOUR_IP>:<YOUR_PORT>
). proxyIgnoreSSLErrors
- Type: Boolean
Default: false
Discard SSL errors when private location is using a proxy to send requests to Datadog. proxyEnableConnectTunnel
- Type: Boolean
Default: none
Enable HTTP CONNECT
tunneling for HTTP proxies. When this option is not set, HTTP CONNECT
tunneling is only used for HTTPS proxies.
Note: HTTP forward proxies like Squid may require the HTTP CONNECT
request to establish the initial TCP connection between the private location and Datadog. As such, the proxyEnableConnectTunnel
parameter should be set to true
. However, reverse proxies like HAProxy that direct an HTTP CONNECT
request to Datadog may not work with this option enabled.
Note: The proxy
parameter is deprecated and should be replaced by proxyDatadog
.
The following parameters can be used to configure a default proxy to use for Synthetic Monitoring tests:
proxyTestRequests
- Type: String
Default: none
Proxy URL used by the private location to send test requests to the endpoint. PAC files are supported with the following syntax: pac+https://...
or pac+http://...
.
Advanced configuration
concurrency
- Type: Number
Default: 10
Maximum number of tests executed in parallel. maxNumberMessagesToFetch
- Type: Number
Default: 10
Maximum number of tests fetched from Datadog.
Note: Private Location containers output logs to stdout
and stderr
without saving them within the container.
All configuration options
--accessKey
- Type: String
Default: none
Access key for Datadog API authentication. --secretAccessKey
- Type: String
Default: none
Secret access key for Datadog API authentication. --datadogApiKey
- Type: String
Default: none
Datadog API key to send browser tests artifacts (such as screenshots). --privateKey
- Type: Array
Default: none
Private key used to decrypt test configurations. --publicKey
- Type: Array
Default: none
Public key used by Datadog to encrypt test results. Composed of --publicKey.pem
. --site
- Type: String
Default: datadoghq.com
Datadog site from which the private location pulls the test configuration and pushes the test results. Your site is
. --concurrency
- Type: Number
Default: 10
Maximum number of tests executed in parallel. --maxNumberMessagesToFetch
- Type: Number
Default: 10
Maximum number of tests fetched from Datadog. --proxyDatadog
- Type: String
Default: none
Proxy URL used by the private location to send requests to Datadog (for example, --proxyDatadog=http://<YOUR_USER>:<YOUR_PWD>@<YOUR_IP>:<YOUR_PORT>
). --disableFipsCompliance
- Type: Boolean
Default: false
Disables the FIPS compliance for a private location using ddog-gov.com
.
By default, Private Locations reporting to ddog-gov.com
communicate to Datadog using FIPS-compliant encryption. The communication complies on the use of FIPS 140-2 validated Cryptographic Module - Certificate #4282. This option is required if you are using a Windows private location that reports to ddog-gov.com
. --dumpConfig
- Type: Boolean
Default: none
Display worker configuration parameters without secrets. --enableStatusProbes
- Type: Boolean
Enables the readiness and liveness of private location probes. This enables two endpoints: http://127.0.0.1:8080/liveness
and http://127.0.0.1:8080/readiness
. --statusProbesPort
- Type: Number
Default: 8080
Overrides the port for the private location status probes. --config
- Type: String
Default: /etc/datadog/synthetics-check-runner.json
Windows: C:\ProgramData\Datadog-Synthetics\worker-config.json
Path to the JSON configuration file. --proxyTestRequests
- Type: String
Default: none
Proxy URL used by the private location to send test requests to the endpoint. PAC files are supported with the following syntax: pac+https://...
or pac+http://...
. --proxyIgnoreSSLErrors
- Type: Boolean
Default: false
Discard SSL errors when private location is using a proxy to send requests to Datadog. --dnsUseHost
- Type: Boolean
Default: true
Use host local DNS configuration first (for example, the configuration from your etc/resolv.conf
file), then DNS servers specified in the dnsServer
parameter. --dnsServer
- Type: Array of Strings
Default: ["8.8.8.8","1.1.1.1"]
DNS servers IPs to use in given order (for example, --dnsServer="8.8.4.4" --dnsServer="8.8.8.8"
). --variableOverride
- Type: String
Overrides the variables used in tests running on the Private Location. Format: VARIABLE=value
.
All variables imported this way are obfuscated. --environmentVariableOverride
- Type: String
Overrides variables used in tests running on the Private Location with environment variables. It requires the environment variables to be imported in the containerized environment.
With Docker, for example, docker run --env VARIABLE gcr.io/datadoghq/synthetics-private-location-worker --environmentVariableOverride VARIABLE
.
All variables imported this way are obfuscated. --allowedIPRanges
- Type: Array of Strings
Default: none
Grant access to specific IPs and/or CIDR among IP ranges blocked through --enableDefaultBlockedIpRanges
or blockedIPRanges
(for example, "allowedIPRanges.4": "10.0.0.0/8"
). Note: allowedIPRanges
has precedence over blockedIPRanges
. --blockedIPRanges
- Type: Array of Strings
Default: none
Block access to specific IPs and/or CIDR in addition, or not, to the IP ranges blocked when setting the --enableDefaultBlockedIpRanges
parameter to true
(for example, --blockedIPRanges.4="127.0.0.0/8" --blockedIPRanges.6="::1/128"
.) --enableDefaultBlockedIpRanges
- Type: Boolean
Default: false
Prevent users from creating Synthetic tests on endpoints that are using reserved IP ranges (IANA IPv4 and IPv6 Special-Purpose Address Registry), except for those explicitly set with the --allowedIPRanges
parameter. --allowedDomainNames
- Type: Array
Default: none
Grant access to domain names in test. Has precedence over –blockedDomainNames, for example: --allowedDomainNames="*.example.com"
. --blockedDomainNames
- Type: Array
Default: none
Deny access to domain names in tests, for example: --blockedDomainNames="example.org" --blockedDomainNames="*.com"
. --enableIPv6
- Type: Boolean
Default: false
Use IPv6 to perform tests. Note: IPv6 in Docker is only supported with a Linux host. --version
- Type: Boolean
Default: none
Show version number of the worker. --logFormat
- Type: String
Default: pretty
Format log output between "compact"
, "pretty"
, "pretty-compact"
, and "json"
. Setting your log format to json
allows you to have these logs automatically parsed when collected by Datadog. --verbosity
- Type: Number
Default: 3
Verbosity level from 1
(errors only) to 4
(debug logs and above). Setting the verbosity from the command line is done with -v
, -vv
, -vvv
, and -vvvv
arguments.
Verbosity level | CLI argument | JSON config option |
---|
DEBUG | -vvvv | "verbosity": 4 |
INFO (default) | -vvv | "verbosity": 3 |
WARNING | -vv | "verbosity": 2 |
ERROR | -v | "verbosity": 1 |
--help
- Type: Boolean
Default: none
Show the output for the help command.
Environment variables
Command options can also be set using environment variables such as DATADOG_API_KEY="...", DATADOG_WORKER_CONCURRENCY="15", DATADOG_DNS_USE_HOST="true"
. For options that accept multiple arguments, use JSON string array notation (DATADOG_TESTS_DNS_SERVER='["8.8.8.8", "1.1.1.1"]'
)
Supported environment variables:
DATADOG_ACCESS_KEY
, DATADOG_API_KEY
, DATADOG_PRIVATE_KEY
, DATADOG_PUBLIC_KEY_PEM
, DATADOG_SECRET_ACCESS_KEY
, DATADOG_SITE
, DATADOG_WORKER_CONCURRENCY
, DATADOG_WORKER_LOG_FORMAT
, DATADOG_WORKER_LOG_VERBOSITY
, DATADOG_WORKER_MAX_NUMBER_MESSAGES_TO_FETCH
, DATADOG_WORKER_PROXY
, DATADOG_TESTS_DNS_SERVER
, DATADOG_TESTS_DNS_USE_HOST
, DATADOG_TESTS_PROXY
, DATADOG_TESTS_PROXY_ENABLE_CONNECT_TUNNEL
, DATADOG_TESTS_PROXY_IGNORE_SSL_ERRORS
, DATADOG_ALLOWED_IP_RANGES_4
, DATADOG_ALLOWED_IP_RANGES_6
, DATADOG_BLOCKED_IP_RANGES_4
, DATADOG_BLOCKED_IP_RANGES_6
, DATADOG_ENABLE_DEFAULT_WINDOWS_FIREWALL_RULES
, DATADOG_ALLOWED_DOMAIN_NAMES
, DATADOG_BLOCKED_DOMAIN_NAMES
, DATADOG_WORKER_ENABLE_STATUS_PROBES
, DATADOG_WORKER_STATUS_PROBES_PORT
Further Reading
Additional helpful documentation, links, and articles: